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DETAILED ACTION 

CLAIMS PRESENTED 

n 

Claims 1-26 are presented. 

Response to Arguments 

Applicant's arguments filed have been fully considered but they are not 
persuasive. 

Regarding the prior art of record (Frantzen), the most poignant sentence of 

Frantzen appears to be that of the third paragraph of section 1 . Introduction: 

Knowledge of what buffer flows are [12], their relevance to security 
exploits [1 , 13] and why they occur is a prerequisite to understanding this 
paper. 

The papers that Frantzen numbered and cited (12, 1, 13) can be found in the 
bibliography of Frantzen. These papers are in no way particularly extraordinary. 
Rather, they are merely what is ordinary skill in the art and is even stated by Frantzen 
as "a prerequisite" to understanding Frantzen. Thus, the Office assumes the 
prerequisite. 

Applicant argued that there is no way that Frantzen could reasonably point to 
virus handlings of the claimed invention. Yet, the buffer flows, their relevance to 
security exploits, and why they occur is the very prerequisite of the subject matter of 
Frantzen. These buffer flows are how viruses attack at a processor level. Thus, 
Applicant's arguments are not persuasive. 
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Applicant also argued that Frantzen could not reasonably teach protection at 
processor instruction level. This cannot be. Frantzen explicitly mentions that Sun 
Sparc was chosen for the very purpose of stack handling. Solaris, the operating system 
most associated with Sparc, has supported globally disabling stack execution on Sparc 
processors since Solaris 2.6 (1997). In Solaris 9 (2202), support for disabling stack 
execution on a per-executable basis was added. This stack handling is the direct 
competing feature to Intel's XD bit and AMD's NX bit. See, for further information, 
Wikipedia article on NX bit (cited in the previous Office Action). Thus, Applicant's 
arguments are not persuasive. 

Indeed, Applicant's reading of Frantzen must be considered either an 
intentionally narrow reading or perhaps even a mistaken reading. Applicant cited (at 
page 7 of the outstanding Response to Office Action) a paragraph of Frantzen which 
seems to refer to "deep function calls" according to Applicant. Even in that very 
paragraph of Frantzen, there is no statement limiting the situation to deep function calls. 
Actually, Frantzen (the author) discussed an improvement over what Frantzen 
considered an obvious, trivial implementation. Sparc (the processor Frantzen discusses 
regarding stacks) already had disabling of stack execution. Thus, the obvious, trivial 
implementation would have been protection at the "point of individual function calls" as 
Applicant phrased. Frantzen's discussion of improvement does not mean that the prior 
art no longer existed after having existed, merely that Frantzen found an improvement. 

Thus, the rejections must stand. Applicant is respectfully requested either to 
amend claims or to provide further arguments or otherwise appropriately respond. 



Application/Control Number: 10/612,763 



Art Unit: 2134 



Page 4 



CLAIM REJECTIONS 

Claim Rejections - 35 USC § 102 

Claims 1 -7, 1 0-1 1 , 1 3-1 7 are rejected under 35 U.S.C. 1 02(b) as being 
anticipated by Frantzen (Frantzen, Shuey, StackGhost: Hardware Facilitated Stack 
Protection, Proceedings of the 10 th USENIX Security Sympsium, August, 2001). 

Frantzen teaches: 

Clam 1 : A processor comprising: 

a plurality of functional units (Section 2.1 Conventional function calls, i.e. 
function calls), including a first functional unit and a second 

functional unit, the first functional unit to receive instructions, to 

♦ 

determine whether ones of the instructions are associated with a 
virus, and to transmit the ones of the instructions not associated with 
the virus to the second functional unit (section 1 Introduction, i.e., solution 

to attacks - the first paragraph, Sparc return address handlings - the second 

paragraph). 

Claims 2-6: various virus detection and handling (section 1 Introduction, i.e., 
solution to attacks - the first paragraph, Sparc return address handlings - the second 
paragraph). 

Claim 7: apparatus, etc, (section 1 Introduction, i.e., solution to attacks - the first 
paragraph, Sparc return address handlings - the second paragraph). • 
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♦ 

Claims 10-11, 13-17: various virus detection and handling (section 1 Introduction, 
i.e., solution to attacks - the first paragraph, Sparc return address handlings - the 
second paragraph). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed 
or described as set forth in section 102 of this title, if the differences between the 
subject matter sought to be patented and the prior art are such that the subject 
matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was 
made. 

Claims 8-9, 12, 18-26 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Frantzen (Frantzen, Shuey, StackGhost: Hardware Facilitated Stack Protection, 
Proceedings of the 1 0 th USENIX Security Sympsium, August, 2001 ). 

Claims 8-9, 12, 18-26 recite "virus signatures." 

Regarding Claims 8, Frantzen teaches as noted in the previous paragraphs. 

These passages of Frantzen do not teach "virus signatures" handling in 
processor hardware in the sense of the claim. 

Frantzen does teach use of the return address stack (section 3.4). This permits 
the use of hash table as noted in Frantzen (section 3.4). Frantzen does suggest Non- 
Exec pages (section 7.5). These approaches, such as Sun's non-executable stack 
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(mentioned in section 7.5, albeit only a mention and not explicit discussion) are, of 
course, now standard features in almost all 64-bit processors. These features, such as 
return address stack handlings, permit handling of virus signatures (see the fourth 
paragraph of section 3.4 which shows comparing the random number on the stack so 
as to find an exploit - a virus signature). 

Thus, it was well known in the art to. use stack handlings (e.g., non-executable 
stack) for the motivation of virus protection. 

Hence, it would have been obvious to those of ordinary skill in the art at the time 
of the claimed invention to modify Frantzen for the motivation noted in the previous 
paragraphs so as to teach the claimed invention. 

Other than "virus signatures", Frantzen teaches other features of claims 9 
(authentication), 12 (comparing instructions, etc.): (see the fourth paragraph of section 
3.4 which shows comparing the random number on the stack so as to find an exploit - a 
virus signature). 

Other features of claims 18-20 (instruction cache, etc.) are well known in the art 

* 

for the motivation of performance enhancement. 

Other features of claims 21-26 (memory hardware, etc.) are well known in the art 
for the motivation of information storage. 

Conclusion 

The art made of record and not relied upon is considered pertinent to applicant's 
disclosure. The art disclosed general background. 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Points of Contact 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

or faxed to: 

■ « 

(571) 273-8300, (for formal communications intended for entry) 
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Or: 

(571) 273-3836 (for informal or draft communications, please label "PROPOSED" or 
"DRAFT") 

Any inquiry concerning this communication or earlier communications from the 

* 

examiner should be directed to David Jung whose telephone number is (571) 272-3836 
or Kambiz Zand whose telephone number is (272) 272-381 1. 



David Jung 




Patent Examiner 
6/23/07 



